https://www.techtarget.com/searchsecurity/tutorial/How-to-use-Netcat-Commands-and-use-cases
Netcat is arguably the most flexible network security tool available to security administrators today, and one that is valuable for any security practitioner to have in-depth knowledge of.
Let's take a look at how to use Netcat and explore some situations where you can put it to good use.
Netcat is a small, lightweight tool designed to send and receive data over a network. Much like the Linux and Unix cat utilities output the content of a file to a terminal or stdout, Netcat does the same thing but over the network.
While this sounds modest in scope, security practitioners can use it creatively and string it together with itself or other commands in surprisingly powerful ways. Consider just a few of the many possible use cases:
The widespread popularity of Netcat boils down to the following key factors:
Let's explore how the tool works in greater detail and highlight some situations where you might consider using it.
Netcat operates in one of two modes: as a server -- i.e., listener -- or as a client. Both are useful depending on the context, though the latter is more commonly used. The format of an extremely basic usage scenario is nc <host> <port> to connect to a remote host and nc -l <port> to listen on a given port.
Like many command-line tools, Netcat offers a lot of options. It has dozens of switches that enable you to control everything from the details of the network -- e.g., which versions of IP to support, among them TCP or UDP, timeouts, time-to-live, etc. -- and what data it sends to external commands that you can chain with it.
Given the large number of options -- some of which are only used in rare circumstances -- I won't cover all of them here. The following are among the most common and why you might choose them (again, this is not an exhaustive list):
Let's examine how to use Netcat by exploring how to create a server connection. This is foundational to much of how it is used in the field. You could, for example, need to create a remote shell on a victim box in a red teaming context. Or, you might want to emulate the server side of a connection to test how resistant a service is to man-in-the-middle attacks.
The screen capture below illustrates using Netcat (nc) to create a listening socket on port 80. I used Firefox to connect to that socket to showcase how Netcat captures and displays inbound data -- in this case, the data being sent from Firefox -- being sent to that listening socket.
Note how I ran nc as root using sudo. That's because the default behavior in most Linux and Unix environments is to require root permissions to create low -- i.e., below 1024 -- sockets. High ports -- i.e., above 1024 -- are not similarly encumbered and do not require root permission.
Unless you specify otherwise, using the –l (listen) flag causes nc to block -- i.e., wait -- until a connection is made. You can either specify no additional flags, as I've done here, for default mode or you can use the -k flag -- e.g., nc -lk 80 -- to have Netcat listen for new connection attempts after each connection closes.
Now, you might think it's unlikely you'll need or want to use Netcat to mimic the behavior of a web server -- particularly an insecure one that doesn't support TLS. For the most part, that's likely true. I've used this as an example for two reasons. First, HTTP is one of the simpler network protocols out there, so it's easy to illustrate Netcat's functionality. Second, extending this functionality to other protocols is intuitive and far from useless. Not only can you examine other unencrypted protocols, but bear in mind that it's not unheard of for HTTP-only connections to be used both as clients and servers for internal traffic. This is true for legacy equipment, industrial control systems, special-purpose healthcare devices and numerous other scenarios.
Let's look at the other side of that connection: the client. Initiating a connection from a client is similarly easy to accomplish. Building on the earlier example, if you want to view the server's response to the above request from our browser, do the following:
In this example, I used a standard Linux pipe -- the vertical bar operator signified by the | character -- to redirect the output of the initial command to a new command, in this case nc <host> 80.
I could have opened a connection directly to the remote host. Instead, I attached the output of the listening socket to the input of the new client connection to illustrate the client connection functionality, as well as the ability to chain Netcat instances together with other commands or even with Netcat itself. This in turn means you can pipe or redirect file output to Netcat, pipe input and output between different instances and numerous other actions. This again showcases how you can use Netcat in such powerful and flexible ways.
As an example of that, I could have constructed an HTTP request to send instead in the manner depicted below:
This is almost exactly the same, except the origin of the request is a file on the filesystem instead of the output of another Netcat command. You can extend this concept in numerous ways. For example, you can create a command-and-control channel for use in a red team context -- watch an example of this in the companion video; with the addition of a named pipe (mknod) you could create a quick and dirty proxy server; you can send and receive in real-time the output of commands, etc. If you have experience with the Linux-Unix CLI, you can use Netcat in many powerful ways.
Used creatively, Netcat is one of the most flexible and common tools in your security arsenal. Try Netcat today to explore how it can help solve security challenges in your day to day.
Ed Moyle is a technical writer with more than 25 years of experience in information security. He is a partner at SecurityCurve, a consulting, research and education company.
21 Nov 2025